Remote Chief Information Security Officer - SaaS Focus

About the Role

We are seeking a Remote Chief Information Security Officer to lead our security initiatives at ButterflyMX. As our CISO, you will be responsible for protecting our customers, employees, and partners across cloud, IoT, and enterprise systems. This role is pivotal in shaping our security strategy while ensuring that our security measures support our growth without hindering innovation.

What You'll Do

• Own and evolve the company’s security and privacy strategy.
• Scale and mentor the Security team, developing great security team members as the company grows.
• Build and mature the company’s security framework, balancing pragmatism and rigor across system security, application security, infrastructure security, and device security.
• Lead security operations and incident response, ensuring the company can rapidly detect, respond to, and recover from threats.
• Oversee compliance programs (e.g., SOC 2, GDPR, CPRA) and maintain a continuous improvement mindset beyond checkbox compliance.
• Partner with Engineering and Product to embed security into the SDLC, CI/CD pipelines, and IoT device lifecycle.
• Establish and maintain relationships with key stakeholders, such as executive leadership, providing actionable metrics and insights into security posture, risk trends, and emerging threats.
• Oversee vendor risk management and ensure robust controls across third-party services and integrations.
• Conduct regular security awareness training and education programs for employees.
• Evaluate and select security technologies and tools to enhance the organization's security posture.
• Build a strong security culture, from awareness and education to clear policies and positive engagement across all teams.
• Optimize the security budget and make pragmatic tradeoffs that balance protection, velocity, and business impact.

Requirements

• 10+ years of progressive experience in information security, including 3+ in a leadership role at a SaaS or technology company.
• Experience securing cloud-native systems (AWS/GCP) and managing organizational security at a remote-first company.
• Deep understanding of security frameworks and standards (e.g., NIST CSF, CIS, ISO 27001, SOC 2, OWASP).
• Strong background in incident response, threat modeling, and risk management.
• Proven ability to partner with product and engineering teams to design secure, scalable architectures.
• Experience building and mentoring high-performing security teams.
• Excellent communication skills enabling you to distill complex security topics for executives, engineers, and customers alike.
• A balanced, business-first mindset: you make practical, risk-informed decisions rather than striving for theoretical perfection.
• Certifications such as CISSP, CISM, or CRISC (preferred but not required).

Nice to Have

• Experience with security in IoT environments.
• Knowledge of privacy regulations and compliance requirements.
• Familiarity with security tools and technologies.

What We Offer

• Comprehensive Medical (ButterflyMX covers 90% of the cost), Dental, and Vision plans (ButterflyMX covers 100% of the cost) starting day 1.
• 401(k) plan with a match.
• 13 paid holidays and 25 days PTO.
• Paid Family Leave.
• Employee Assistance Program.
• Quarterly self-care stipends.
• Collaborative, dynamic work environment filled with kind, smart people, who are working hard on an industry-defining product.
• ButterflyMX is an equal opportunity employer and we value diversity at our company.